OpenID Connect Authentication Configuration Guide with Microsoft Entra ID

Introduction

To configure authentication via your OpenID Connect provider, follow the instructions provided in this documentation.

Configuration with Microsoft Entra ID

Step 1: Access the Azure Portal

  1. Log in to the Azure portal.
  2. Navigate to the App registrations section.

Step 2: Create a New Application

  1. Click on New registration.
  2. Fill in the required fields:
    • Name: Give a name to the application.

    • Redirect URI: Use the URL provided by your Wikit contact, which must be in the following format. The redirect URI must be of the Web application type:

      https://auth.wikit.ai/realms/wikit-prod/broker/{slug-organisation}/endpoint
    • Check Access tokens (used for implicit flows);

    • Check ID tokens (used for implicit and hybrid flows);

    • Check Accounts in this organizational directory only.

  3. Click Register.

Step 3: Collect Necessary Information

On the newly created application page, note the following information:

  • Application (client) ID: ✏️
  • Directory (tenant) ID: ✏️

Step 4: Generate a Client Secret

  1. Go to the Certificates & secrets section.
  2. Click on New client secret.
  3. Follow the instructions to generate a secret.
  4. Note the value of the generated secret: ✏️

Step 5:

If, in Entra ID, your users' UPN matches their email, no additional action is required.

Otherwise, it will be necessary to add a claim to obtain the email.

In the newly created Azure application, go to “Token configuration”, then “Add optional claim”.

Select “ID”, then “email”, and click “Add”.

Confirm by validating the Microsoft Graph email permission.

Step 6

Return the following information to us:

  • Application (client) ID: ✏️
  • Directory (tenant) ID: ✏️
  • Secret ✏️
  • UPN or email
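
One way to check the outcome of Steps 3 and 5 before returning the values in Step 6, as an added example that is not part of the original guide or of Wikit's tooling: it decodes a test ID token issued for the new application, compares its aud and tid claims with the noted client and tenant IDs, and reports whether the token carries an email claim or only a UPN. The function names, the IDs and the unsigned sample token are constructed for illustration; the claim names (aud, tid, preferred_username, upn, email) are those used in Entra ID tokens.

```python
import base64
import json
import re

GUID = re.compile(r"^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$", re.I)

def decode_claims(id_token):
    """Decode a JWT payload WITHOUT verifying the signature (inspection only)."""
    parts = id_token.split(".")
    if len(parts) != 3:
        raise ValueError("expected header.payload.signature")
    body = parts[1] + "=" * (-len(parts[1]) % 4)  # restore base64url padding
    return json.loads(base64.urlsafe_b64decode(body))

def check_registration(id_token, client_id, tenant_id):
    """Compare a test ID token with the values noted in Steps 3 and 5."""
    for label, value in (("client", client_id), ("tenant", tenant_id)):
        if not GUID.match(value):
            raise ValueError(f"{label} ID is not a GUID: {value!r}")
    claims = decode_claims(id_token)
    problems = []
    if str(claims.get("aud", "")).lower() != client_id.lower():
        problems.append("aud does not match the Application (client) ID")
    if str(claims.get("tid", "")).lower() != tenant_id.lower():
        problems.append("tid does not match the Directory (tenant) ID")
    upn = claims.get("preferred_username") or claims.get("upn")
    email = claims.get("email")
    if not (upn or email):
        problems.append("token carries neither a UPN nor an email claim")
    # Without an email claim, only the UPN can be reported (Step 5, first case).
    identifier = "email" if email else ("UPN" if upn else None)
    return {"identifier": identifier, "problems": problems}

def b64url(obj):
    """Encode a dict as an unpadded base64url JSON segment (sample builder)."""
    return base64.urlsafe_b64encode(json.dumps(obj).encode()).rstrip(b"=").decode()

# Constructed sample: placeholder IDs and an unsigned token, not from a real tenant.
CLIENT_ID = "11111111-2222-3333-4444-555555555555"
TENANT_ID = "aaaaaaaa-bbbb-cccc-dddd-eeeeeeeeeeee"
SAMPLE_TOKEN = ".".join([
    b64url({"alg": "RS256", "typ": "JWT"}),
    b64url({"aud": CLIENT_ID, "tid": TENANT_ID,
            "preferred_username": "jdoe@corp.example", "email": "jane.doe@example.com"}),
    "signature-placeholder",
])

if __name__ == "__main__":
    print(check_registration(SAMPLE_TOKEN, CLIENT_ID, TENANT_ID))
```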